Analyzing Data

The datasets view allows you to gain insights from your data visually.

Rather than inspect individual events, you can run aggregations across all or a subset of events in a dataset and visualize the output. Queries can be crafted to get any level of detail from results, and are easily saved for future use as well as being easy to share with team members.

This section introduces the datasets view and its components that will unlock powerful insights from your data.

Select a Dataset

As all events in Axiom reside in a dataset, we have to first choose a dataset to analyze. When no dataset is chosen, you will be presented with a list of your datasets and quick-access panels for recent Starred Queries and Query History (see Dataset Overview for more detail):

Datasets overview

Select a dataset from the Datasets list to continue:

Datasets lists

Dataset Overview

Upon selecting a dataset, the next page will provide an overview of the dataset, its fields, starred queries, query history, and, most importantly, the Query Builder:

Dataset overview

Below we explore the different components of this view:

Fields List

The fields list gives an overview of all fields from all events that are in this dataset. Fields are presented with the following information:

Field Type

  • Supported types are:
    • string
    • number
    • boolean
    • array
  • Field names are flattened with dot-notation so an event like {"foo": { "bar": "baz" }} as a field called foo.bar

Field Name

Field names match the JSON specification, however field names containing periods (.) will be folded.

Note: You will get a 400 if you use the field name _time when either using the Elastic Search endpoint or overriding timestamp-field you can set the query parameter ?timestamp-field to set a field that will be used as a time column. Axiom accepts many date strings and timestamps without knowing the format in advance, including Unix Epoch, RFC3339, and ISO 8601.

Quick Charts

Quick charts allow fast charting of fields depending on there field type. For example, number fields will have quick charts for easily visualizing percentiles, averages, and histograms.

fields list

Virtual Fields

Virtual Fields are powerful expressions that run on every event during a query to create new fields. The virtual fields are calculated from the events in the query using an APL expression. They are similar to tools like derived-columns in other products but super-charged with an expressive interpreter and with the flexibility to add/edit/remove them at any time.

virtual fields slideout

Available on the toolbar, the Virtual Fields slide-out will allow viewing and management of a dataset's virtual fields:

virtual fields tool button

From this slide-out, you can managing existing virtual fields or create new ones. Just click "Add Virtual Field" or an existing virtual field to open the editing dialog.

Starred Queries

Starred Queries are queries that you or your team have saved for future use. They are great for keeping a list of useful queries against a dataset, and there is no implicit need to share as all starred queries for a dataset are shared between the team.

Get started by selecting the Starred Queries button on the toolbar to open the slide-out:

starred tool button

Query History

Every query you and your team members run is given a unique id and saved inside Axiom so it's very easy to share results with other members, as well as easily find a query that you might have lost and want to star for future use.

Get started by clicking the Query History button on the toolbar:

query history tool button

Once the slide-out is open, historical queries are presented in reverse-chronological order, and you can choose between your own queries or those of your team:

query history slideout

Query Builder

While the other sections help you run pre-determined or historical queries, the Query Builder component lets you begin crafting a new query. Find out more below.

Building a Query

The Query Builder is a mainstay in the Analytics page, it is always available to create or edit queries against the selected dataset:

query builder

This component is a visual query builder that eases the process of building visualizations and segments of your data. With built-in autocomplete, suggested values, and much more, the Query Builder is the quickest and easiest way to deep-dive into your data.

This guide walks you through the individual sections of the Query Builder, showing you how to get the most out of your data:

Time Range

Every query has a start and end time and the Time Range component allows quick selection of common time ranges as well as the ability to input specific start and end timestamps:

time range

  • Use the Quick Range items to quickly select popular ranges
  • Use the Custom Start/End Date inputs to select specific times
  • Use the Resolution items to choose between various time bucket resolutions

Against

When a timeseries visualization is selected, such as count, the Against menu is enabled and it is possible to select a historical time to compare the results of your time range too.

For example, if you wanted to compare the the last hour's average response time to the same time yesterday, you'd select 1 hr in the time range menu, and then select -1D from the Against menu:

Time range against menu

The results would look like this:

Time range against chart

The dotted line represents results from the 'against' date, and the totals table includes the comparative totals.

When you add your field to the group by clause the time range against values will be attached to each events

Time range against chart

Visualizations

Axiom provides powerful visualizations that display the output of running aggregate functions across your dataset. The Visualization menu allows you to add these visualizations and, where required, input their arguments:

Visualizations menu

You can select a visualization to add it to the query. If a visualization requires an argument (such as the field and/or other parameters), then the menu will allow you to select eligible fields and then allow you to input those arguments. Pressing <enter> when you are done will complete the addition:

Visualizations demo

You can click visualization in the Query Builder to edit it at any time.

analyze iconLearn about supported visualizationsgo

Filters

Use the Filter menu to attach simple or complex filter clauses to your search.

Axiom supports AND/OR operators at the top-level as well as one level deep. This means you can create filters that would read as status == 200 AND (method == get OR method == head) AND (user-agent contains Mozilla or user-agent contains Webkit).

Filters are divided up by the field type they are operating on, though some may apply to more than one field type.

Filters demo

List of Filters

String Fields

  • ==
  • !=
  • exists
  • not-exists
  • starts-with
  • not-starts-with
  • ends-with
  • not-ends-with
  • contains
  • not-contains
  • regexp
  • not-regexp

Number Fields

  • ==
  • !=
  • exists
  • not-exists
  • >
  • >=
  • <
  • <=

Boolean Fields

  • ==
  • !=
  • exists
  • not-exists

Array Fields

  • contains
  • not-contains
  • exists
  • not-exists

Special Fields

  • _time - the timestamp of the event. This is automatically set to system time if it is missing from the event.
  • _sysTime - the system time related to when the event was ingested.

_time and _sysTime can be used interchangeably for the majority of cases however, if your events do set a _time explicitly, the _sysTime can be very useful to know if events are being ingested in case of clock skews etc on your event-producing systems.

Group By (Segmentation)

When visualizing data, it can be incredibly useful to segment data into specific groups to more clearly understand how the data is behaving.

The Group By component makes it very easy to add one or more fields to group events by:

Group by

Misc Options

Order

By default, Axiom will automatically choose the best ordering for results. However you can manually set the desired order through this menu.

Limit

by default, Axiom will choose a reasonable limit for the query that has been passed in. However you can control that limit manually through this component.

The Results View

Query results are presented beside the Query Builder in the Results View:

results view

The results view adapts to the query that has been run and so it will add and remove components as necessary to give you the best experience.

The components that it can present are explained below:

Status Bar

The status bar is always visible and gives details on the currently running or last-run query.

Charts

The charts component will display all the visualizations that you have added to the query. Hovering over charts will give extra detail on each result set.

On timeseries charts, hovering over a specific time will show the same marker on similar charts for easy comparisons.

Totals Table

The totals table is the totals from each of the aggregate functions that have run for the visualizations you have requested.

If the query included group-by clauses, then there will be a row for each group that is part of the results. Hovering over a group row will highlight the group's data on timeseries charts.

Matches

If no visualizations are added to the query, then the matches table will list the raw query results (events).

Dataset View Options

The Dataset view options can be found under the settings icon when you run queries on your dataset. With the view options, you can quickly visualize your environment, identify outliers, show raw configuration changes, and detect errors and warnings.

On the View Options you can select and deselect the selections you want:

  • Wrap lines
  • Show Timestamp
  • Highlight Severity
  • Show Raw

Dataset view options

Event Timeline

The Event Timeline in Axiom's Explore view transforms your query results into a detailed distribution, providing a clear visual representation of events over time. It simplifies identifying trends and patterns, while also offering a quick way to gauge total events count across a time range.

To get started with the Event Timeline, navigate to the Explore or Datasets view.

Event Timeline

Next, run a query with your selected dataset. This will produce the desired query result. Once your query results are displayed, click on the option to show the Event Timeline.

Event Timeline run query

The timeline shows the distribution of events across the selected time range. Each bar represents the number of events matched within that specific time bucket. Hovering your cursor over a bar reveals a blue line marking the total events and shows when those events occurred in that particular time range.

Click and drag your mouse over the Event Timeline to focus on the time range. When you do this, the time range for your data automatically updates to match what you selected. And if you change the time range in the “Quick Range” tab, the Histogram updates too! It works both ways, making it bidirectional.

Event Timeline time range focus

Enjoy a clear and concise visual representation of your query results!

Benefits

  • Instant visual insights: Quickly understand the distribution of events over time without needing to interpret lines of text or numbers.

  • Effortless number crunching: The distribution does the number work for you, showing total event counts and highlighting spikes, dips, and trends.

  • Tailored data view: Adjust time ranges with ease, ensuring a customized analysis experience.

  • User-friendly interface: Designed with simplicity in mind, no additional learning is required to use this feature.

Was this page helpful?

Unable to retrieve cloud status

Copyright © 2023 Axiom, Inc. All rights reserved.